The present invention relates to a communication apparatus.
In recent years, there have been many incidents in which an attacker intrudes into the network of a critical infrastructure such as a power plant and takes over control of the system. The network of the critical infrastructure is protected by a firewall device, or by anti-virus software or the like installed in a terminal such as a personal computer, but it has not been possible to completely prevent the intrusion of an attacker attempting to take over control of the system. Examples of a method for mitigating the risk caused by the intrusion of an attacker include use of a whitelist function. The whitelist function enhances the security level by registering, in a whitelist storage device, authorized terminal information extracted from the authorized communications that flow through the network, and by blocking any unauthorized communication, that is, any communication other than those from the authorized terminals registered in the whitelist storage device.
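The two phases of the whitelist function described above, registering sender information from traffic known to be authorized and then blocking every other sender, can be illustrated with the following added example. It is not code from the patent or from any cited product; the packet fields, the (MAC, IP) key used as "terminal information", and the sample traffic are constructed for illustration.

```python
"""Terminal whitelist: learn authorized senders, then block everything else.

Added example, not the patent's own implementation. The "authorized terminal
information" is assumed here to be the (source MAC, source IP) pair of each
frame; a real device might also key on VLAN, destination port or protocol.
"""
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal view of a frame: only the fields the whitelist looks at."""
    src_mac: str
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str


TerminalKey = Tuple[str, str]  # (src_mac, src_ip)


class TerminalWhitelist:
    """The 'whitelist storage device': a set of registered sender keys."""

    def __init__(self) -> None:
        self.terminals: Set[TerminalKey] = set()
        self.learning = True  # registration is only allowed while learning

    @staticmethod
    def key(pkt: Packet) -> TerminalKey:
        return (pkt.src_mac, pkt.src_ip)

    def learn(self, authorized: Iterable[Packet]) -> int:
        """Register sender information from traffic known to be authorized.

        The caller must guarantee the capture is clean: any attacker traffic
        present during learning would be registered as authorized.
        Returns the number of newly registered terminals.
        """
        if not self.learning:
            raise RuntimeError("whitelist is frozen; no further learning")
        before = len(self.terminals)
        for pkt in authorized:
            self.terminals.add(self.key(pkt))
        return len(self.terminals) - before

    def freeze(self) -> None:
        """End the learning phase; from now on the list is read-only."""
        self.learning = False

    def permits(self, pkt: Packet) -> bool:
        return self.key(pkt) in self.terminals


def enforce(wl: TerminalWhitelist,
            traffic: Iterable[Packet]) -> Tuple[List[Packet], List[Packet]]:
    """Split traffic into allowed and blocked according to the whitelist."""
    allowed: List[Packet] = []
    blocked: List[Packet] = []
    for pkt in traffic:
        (allowed if wl.permits(pkt) else blocked).append(pkt)
    return allowed, blocked


# Constructed sample traffic (not a real capture). Addresses are placeholders.
LEARNING_CAPTURE = [
    Packet("aa:aa:aa:00:00:10", "10.0.0.10", "10.0.0.20", 502, "tcp"),    # HMI -> PLC
    Packet("aa:aa:aa:00:00:11", "10.0.0.11", "10.0.0.20", 502, "tcp"),    # historian -> PLC
    Packet("aa:aa:aa:00:00:10", "10.0.0.10", "10.0.0.21", 44818, "tcp"),  # HMI -> second PLC
]

LIVE_TRAFFIC = [
    Packet("aa:aa:aa:00:00:10", "10.0.0.10", "10.0.0.20", 502, "tcp"),  # registered HMI
    Packet("aa:aa:aa:00:00:11", "10.0.0.11", "10.0.0.20", 502, "tcp"),  # registered historian
    Packet("de:ad:be:ef:00:99", "10.0.0.99", "10.0.0.20", 502, "tcp"),  # unknown host
    Packet("de:ad:be:ef:00:99", "10.0.0.10", "10.0.0.20", 502, "tcp"),  # HMI's IP, foreign MAC
]


def run_demo() -> Tuple[int, int]:
    """Learn from the clean capture, freeze, enforce on live traffic."""
    wl = TerminalWhitelist()
    wl.learn(LEARNING_CAPTURE)  # registers two distinct terminals
    wl.freeze()
    allowed, blocked = enforce(wl, LIVE_TRAFFIC)
    return len(allowed), len(blocked)


if __name__ == "__main__":
    print(run_demo())
```

The last live packet shows why the key includes the MAC address: an attacker who only spoofs the HMI's IP address is still blocked. An attacker who also clones the MAC would pass, and any attacker already present during the learning window would be registered as authorized, so the whitelist is one layer alongside the firewall and endpoint controls, not a replacement for them.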
Prior art documents in this field include JP2009-239525 A (Patent Document 1) and JP2015-050767 A (Patent Document 2). Patent Document 1 describes that “a packet filtering device receives a packet sent from an SIP server, determines whether the received packet is a response to a verification request sent from an SIP client at a predetermined time interval, and if the packet is a response to the verification request and if sender information of the packet is not saved in a whitelist, obtains and stores the sender information of the packet in the whitelist. If network congestion is detected, the packet filtering device receives packets on the network, and transfers the packets that have the sender information thereof saved in the whitelist preferentially to the packets that do not have the sender information thereof stored in the whitelist, among the received packets.” (See Abstract)
Patent Document 2 describes that “a network switch includes: a whitelist monitoring part that has stored therein a whitelist including allowable communication rules and that monitors at least one packet input through a plurality of switch interfaces based on the whitelist, the whitelist monitoring part allowing communications of packets that comply with the whitelist; and a whitelist management part that updates the whitelist and sends the whitelist to the whitelist monitoring part.” (See Abstract)